BITS used as covert channel
Submitted by kernex on Fri, 2008-10-03 02:12.
Eric Landuyt from DataRescue analyzed a malware that exploits Background Intelligent Transfer Service (BITS) as a covert channel
From the site:
"A strange executable, named MSMSGS.EXE, was found on several machines on the network of a customer, apparently dropped by the exploitation of a vulnerability inside Word files. As monitoring tools (registry/file/socket) provided insufficient information on the malware's behaviour, we proceeded with a complete analysis."